05-436 / 05-836 / 08-534 / 08-734 / 19-534 / 19-734 Usable Privacy and Security
Homework 4
Print your homework out and submit it in person at the start of class
(3:00pm) on Monday, February 15th. Homework will not be accepted after 3:00pm on that day.
- Part 1 (50 points): One of the major usability challenges relating to passwords is that most users have dozens of accounts, yet it is difficult or impossible to remember dozens of distinct, complex passwords. Therefore, people often reuse passwords across these accounts or make only minor modifications to existing passwords. In the common case of password breaches, attackers will try the same usernames and passwords from the breached site on other, often higher value sites (e.g., financial sites or email providers), compromising the accounts of people who reused their password.
For this part of the homework, design a short (4 -- 6 questions, and no more than 12 minutes long) interview study exploring a research question of interest to you in the area of passwords or password reuse. You may choose to investigate whether participants have strategies for reusing passwords, such as using the same password on all accounts they believe to have little value (e.g., news websites), or perhaps all sites regardless of value. You might choose to investigate how participants come up with new passwords. You could investigate whether or not they believe there are security risks in reusing passwords across accounts, as well as what those risks might be. It's up to you to choose the research question, but don't try to do too much in such a short interview! At some point in the interview study, have your participants imagine they have to create a new account (give them details about what this account will be!) and ask them to create a password for this account.
Turn in a 1--3 sentence description of your research question, along with the final script you use for the interview. Include in your script anything you will say to the participant at any point in the interview, such as welcoming them at the beginning or thanking them and telling them the purpose of the study at the end.
- Part 2 (50 points): Actually conduct this interview with 3 pilot participants (and, if applicable, improve your script in between interviews). While you would not want to have your friends participate in a real study, it's perfectly fine to have your friends participate in a pilot study like this. Then, using the qualitative analysis techniques we've discussed in class, turn in 3 -- 4 paragraphs describing the results. As part of presenting your results, explain what you learned from participants creating a password.
- Part 3 (9-unit students should not do this part. 12-unit students will
receive between 0 and 15 points for this part): Write a 3--7 sentence
summary and short "highlight" for one optional reading assigned for the
February 15th class.